Is Microsoft adding TeslaCrypt Detections important to you?

Microsoft recently announced that they have updated their malicious removal tool to detect and "remediate" the TeslaCrypt ransomware infection due to the increased distribution and activity detected in August. There has been quite a bit of press surrounding this announcement and people have been getting the wrong idea that this means Microsoft can recover your files. Unfortunately this is not true. This announcement just means that Microsoft has added further detection for this ransomware and will remove it in the Microsoft Malicious Software Removal Tool (MSRT). I thought they were doing that already?

Microsoft also mentions the Talos TeslaDecrypt decryption utility that was released in April as a possible method of recovering your files. Unfortunately, TeslaDecoder only worked with the first two versions of the TeslaCrypt family and is no longer recommended due to its limited ability to recover your files. There is another program created by a member of BleepingComputer.com called TeslaDecoder that is able to decrypt more variants of TeslaCrypt and is the tool of choice. Even this tool, though, is not able to decrypt files encrypted by newer variants of TeslaCrypt.

I wish there was a silver bullet we could offer for this infection, but at this time a victim's choices are limited. You can either restore from backup, pay the ransom, or hopefully be able to live without the missing data.

Lawrence Abrams is the creator and owner of BleepingComputer.com. Lawrence's area of expertise includes malware removal and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.